Merge branch 'stable-2.14'
* stable-2.14:
Add configuration to disable granting project ownership
Make project creator an owner if not already by inheritance
Fix code block in documentation
Allow project creation to delegating users
Add eclipse-out to .gitignore
Remove Buck build
Add standalone bazel build
Add missing "Implementation-Vendor" in manifest with bazel build
Format BUILD file with buildifier
Change-Id: I40bbb19373f4252527a953b7c0f6034af79cf0c6
diff --git a/WORKSPACE b/WORKSPACE
index bd7e869..5679ceb 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -2,7 +2,7 @@
load("//:bazlets.bzl", "load_bazlets")
load_bazlets(
- commit = "1e43bcfbad00bfedadc582b1e30907ceafc03262",
+ commit = "87908ae95402aa78dcb29075a7822509c9d04af6",
# local_path = "/home/<user>/projects/bazlets",
)
diff --git a/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java b/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java
index 3a8f982..3dad1f4 100644
--- a/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java
+++ b/src/main/java/com/ericsson/gerrit/plugins/projectgroupstructure/ProjectCreationValidator.java
@@ -21,15 +21,20 @@
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.extensions.api.groups.GroupInput;
import com.google.gerrit.extensions.common.GroupInfo;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.config.AllProjectsNameProvider;
+import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.account.GroupMembership;
+import com.google.gerrit.server.config.AllProjectsNameProvider;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gerrit.server.group.CreateGroup;
+import com.google.gerrit.server.permissions.GlobalPermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.CreateProjectArgs;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectControl;
@@ -37,8 +42,10 @@
import com.google.gerrit.server.validators.ValidationException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
+import com.google.inject.Provider;
import com.google.inject.Singleton;
+import org.eclipse.jgit.errors.ConfigInvalidException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -86,6 +93,8 @@
private final CreateGroup.Factory createGroupFactory;
private final String documentationUrl;
private final AllProjectsNameProvider allProjectsName;
+ private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
private final PluginConfigFactory cfg;
private final String pluginName;
@@ -93,11 +102,15 @@
public ProjectCreationValidator(CreateGroup.Factory createGroupFactory,
@PluginCanonicalWebUrl String url,
AllProjectsNameProvider allProjectsName,
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend,
PluginConfigFactory cfg,
@PluginName String pluginName) {
this.createGroupFactory = createGroupFactory;
this.documentationUrl = url + "Documentation/index.html";
this.allProjectsName = allProjectsName;
+ this.self = self;
+ this.permissionBackend = permissionBackend;
this.cfg = cfg;
this.pluginName = pluginName;
}
@@ -108,13 +121,18 @@
String name = args.getProjectName();
log.debug("validating creation of {}", name);
ProjectControl parentCtrl = args.newParent;
- if (parentCtrl.getUser().getCapabilities().canAdministrateServer()) {
+
+ try {
+ permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+
// Admins can bypass any rules to support creating projects that doesn't
// comply with the new naming rules. New projects structures have to
// comply but we need to be able to add new project to an existing non
// compliant structure.
log.debug("admin is creating project, bypassing all rules");
return;
+ } catch (AuthException | PermissionBackendException e) {
+ // continuing
}
if (allProjectsName.get().equals(parentCtrl.getProject().getNameKey())) {
@@ -163,7 +181,7 @@
.apply(TopLevelResource.INSTANCE, new GroupInput());
}
return AccountGroup.UUID.parse(groupInfo.id);
- } catch (RestApiException | OrmException | IOException e ) {
+ } catch (RestApiException | OrmException | IOException | ConfigInvalidException e ) {
log.error("Failed to create project " + name + ": " + e.getMessage(), e);
throw new ValidationException(AN_ERROR_OCCURRED_MSG);
}